/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
road #
 cp policies/* /etc/ipsec.d/policies/
road #
 echo "192.1.2.0/24"  >> /etc/ipsec.d/policies/private-or-clear
road #
 ipsec start
Redirecting to: [initsystem]
road #
 ../../guestbin/wait-until-pluto-started
road #
 # give OE policies time to load
road #
 ../../guestbin/wait-for.sh --match 'loaded 10,' -- ipsec auto --status
Total IPsec connections: loaded 10, active 0
road #
 echo "initdone"
initdone
road #
 # trigger OE; then wait
road #
 ../../guestbin/ping-once.sh --forget -I 192.1.3.209 192.1.2.23
fired and forgotten
road #
 ../../guestbin/wait-for.sh --match private-or-clear -- ipsec whack --trafficstatus
#2: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=0, outBytes=0, maxBytes=2^63B, id='ID_NULL'
road #
 ipsec whack --shuntstatus
Bare Shunt list:
 
road #
 # ping should succeed through tunnel
road #
 ../../guestbin/ping-once.sh --up -I 192.1.3.209 192.1.2.23
up
road #
 ipsec whack --trafficstatus
#2: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=84, outBytes=84, maxBytes=2^63B, id='ID_NULL'
road #
 # prevent delete notify
road #
 ipsec whack --impair send_no_delete
road #
 ipsec restart
Redirecting to: [initsystem]
road #
 ../../guestbin/wait-until-pluto-started
road #
 # give OE policies time to load
road #
 ../../guestbin/wait-for.sh --match 'loaded 10,' -- ipsec auto --status
Total IPsec connections: loaded 10, active 0
road #
 # re-trigger OE
road #
 ../../guestbin/ping-once.sh --forget -I 192.1.3.209 192.1.2.23
fired and forgotten
road #
 ../../guestbin/wait-for.sh --match private-or-clear -- ipsec whack --trafficstatus
#2: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=0, outBytes=0, maxBytes=2^63B, id='ID_NULL'
road #
 # test the new tunnel works properly
road #
 ../../guestbin/ping-once.sh --up -I 192.1.3.209 192.1.2.23
up
road #
 # Now imitate a second independent client to east to show this 2nd
road #
 # client doesn't kill 1st client
road #
 killall -9 pluto
road #
 ../../guestbin/ip.sh address del 192.1.3.209/24 dev eth0
road #
 ../../guestbin/ip.sh address add 192.1.3.210/24 dev eth0
road #
 ../../guestbin/ip.sh route add 0.0.0.0/0 via 192.1.3.254
road #
 # wait on OE to load; give it a different byte count
road #
 ipsec restart
Redirecting to: [initsystem]
road #
 ../../guestbin/wait-until-pluto-started
road #
 ../../guestbin/ping-once.sh --forget -I 192.1.3.210 192.1.2.23
fired and forgotten
road #
 ../../guestbin/wait-for.sh --match private-or-clear -- ipsec whack --trafficstatus
#2: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=0, outBytes=0, maxBytes=2^63B, id='ID_NULL'
road #
 ../../guestbin/ping-once.sh --up -I 192.1.3.210 192.1.2.23
up
road #
 ../../guestbin/ping-once.sh --up -I 192.1.3.210 192.1.2.23
up
road #
 echo done
done
road #
 # road should have one tunnel, east should have two (from both IPs road used)
road #
 ipsec whack --trafficstatus
#2: "private-or-clear#192.1.2.0/24"[1] ...192.1.2.23, type=ESP, add_time=1234567890, inBytes=168, outBytes=168, maxBytes=2^63B, id='ID_NULL'
road #
 # check for a counting bug where total SA's is wrong on east
road #
 ipsec status | grep 'authenticated'
IKE SAs: total(1), half-open(0), open(0), authenticated(0), anonymous(1)
IPsec SAs: total(1), authenticated(0), anonymous(1)
road #
 # verify no packets were dropped due to missing SPD policies
road #
 grep -v -P "\t0$" /proc/net/xfrm_stat
XfrmOutNoStates         	3
road #
 
